libheif: update to 1.23.0.
This is a smaller release that adds API functions to read and write metadata:
- ambient viewing environment
- nominal diffuse white luminance
It also adds an output_image_nclx_profile_passthrough option to
heif_decoding_options to pass through the input image NCLX without
doing any internal color conversion.
Security
CVE TBD (GHSA-jvmp-j3cw-84mh) - unbounded heap allocation in HEIF sequence parser (stsz fixed-size mode missing bound check)
py-test-run-parallel: updated to 0.9.0
0.9.0
Drop python 3.9
Add a force_parallel_threads mark
Avoid crash for sybil doctests
Fix test failures running on a single-CPU system
octave: updated to 11.2.0
Summary of bugs fixed for version 11.2.0 (2026-05-28):
Improvements and fixes
- Speed up `pkg install` and provide more output with `-verbose`.
- `cmach-info.h`: Add visibility attribute to function declarations.
- Re-implement `weboptions` and affected functions `webread`, `webwrite`.
- Remove semicolon after function definitions.
- Fix possible out-of-bound indexing in N-D Array assignment.
- Allow classdef constructor to return a classdef array of itself.
- Fix pager in CLI on Windows and disable it in the GUI
- Deprecate `all` and `any` for non-numeric/non-logical types
- Silence compiler warning about possible use of uninitialized variable.
- Fix input validation of `permB` input to `eigs()`.
- Check floating point subscripts before converting to `octave_idx_type`
floating-point index values before casting them to `octave_idx_type`.
- Fix `norm (S, 2)` for all-zero sparse matrices
[30 lines not shown]
curl: document the circular dependency
We have it in the CVS history, but let's document it as an "XXX" comment too so
possible future hands are less tempted to just uncomment them!
Thanks <ryoon> and Marc Baudoin!
chromium: update to 148.0.7778.215
* 148.0.7778.215
This update includes 151 security fixes. Below, we highlight fixes
that were contributed by external researchers.
Please see the Chrome Security Page for more information.
* 148.0.7778.178
This update includes 16 security fixes. Below, we highlight fixes
that were contributed by external researchers.
Please see the Chrome Security Page for more information.
* pkgsrc: enable wayland support
Fix up PROMs where reg is encoded as a 64-bit and a 32-bit value
(e.g. 00000400 0fc62020 00000010), but we want 2 x 64-bit values.
U45 with OBP 4.21.2 has jbus-i2c configured like this.
py-pyrate-limiter: updated to 4.2.0
4.2.0
Guard sync _delay_waiter against negative wait values from bucket backends
fix(docs): align docstrings and fix: db_path=None temporary DB behavior
Typo fix for pypi
bug fix: Limiter initialization in README for SQLite
fix: add close() method to avoid ResourceWarning about unclosed transports
py-txtorcon: updated to 26.6.0
26.6.0
* eliminate GeoIP as a dependency
This will still load Tor's geoip-db if GeoIP is installed, and the database is found.
Only country-codes are supported by this database.
Essentially this is just optimization: txtorcon will ask Tor for the country-code of anything interesting via the existing `get_location()` API.
py-pip: updated to 26.1.2
26.1.2 (2026-05-31)
Bug Fixes
- Reject ``console_scripts`` and ``gui_scripts`` entry points whose name would
install a script outside the scripts directory.
- Fix installation incorrectly failing when the target path contains a doubled
slash, such as with ``pip install --root //...``.
- Send a consistent ``Accept-Encoding`` header to avoid a spurious ``Cache entry
deserialization failed`` warning.